The Enemy Among Us

30 Oct 2008, by Ward Carroll

In the past few months, organization after organization and expert after expert have come out and warned of the imminent threat posed by cyber attacks. There can be little doubt left about the increasing threat of cyber attacks on businesses, government and critical infrastructure. At this point cyber attacks pose an unprecedented threat to the computer systems and networks that have become so integral to virtually every aspect of our lives. The top two questions on many people's minds are: where are these attacks coming from, and how are they carried out? To answer them, we must first examine one of the most common types of attack and the components that make up the cyber weapon used to carry it out.

Zombies

A zombie is any computer that has been compromised and had malicious code installed that places it under the control of an attacker without the knowledge of its owner. The owner keeps using the machine normally; the attacker uses it quietly, and in bulk. Zombies are the weapon of choice for launching denial-of-service (DoS) attacks, because the attacker does not need to own, pay for or be traceable to any of the machines doing the flooding.

INTEL: Research has indicated that an improperly protected computer connected to the internet is compromised and turned into a zombie in about one minute.

BotNets

Criminal elements and rogue nation states have created more active zombie networks in the last month than ever before. At any given moment there are approximately 1,000 active botnets; in total, experts estimate that nearly 300,000 botnets are in place today. The largest botnet is thought to control between 150 and 180 million computers and to be operated by the Russian Business Network (RBN). Detecting and disrupting botnets is a particularly difficult challenge: the command channel hides among the zombies' ordinary traffic, and the machines themselves belong to thousands of unwitting owners spread across many networks and jurisdictions. An already bad situation is getting worse.

A study using Scenario-Based Intelligence Analysis (SBIA), a strategic threat modeling methodology developed by Technolytics, concluded that we can expect hackers to attempt to inject malware into cell phones to turn them into remote-controlled bots as well. These "cellbots" could then be used in much the same way as compromised computers, including for launching distributed denial-of-service attacks that could cripple cell phone networks in addition to the computer networks and systems they target.

INTEL: Tools are already available for crafting exploits for multiple smart phone platforms.

DoS

A denial-of-service (DoS) attack aims to take a site down by bombarding it with bogus requests for a web page or image, or simply with raw packets, faster than the target can handle them, until the service is forced down or becomes unusable for legitimate users. When the flood comes from a multitude of compromised computers acting at once, the attack is called a distributed denial-of-service (DDoS) attack; the attacks discussed here are of that kind, and botnets are the primary cyber weapon used to carry them out. Distribution is what makes the weapon effective: traffic from thousands of sources cannot be stopped by blocking a single address, and the combined bandwidth of the zombies far exceeds what the target's link can absorb.

INTEL: Experts have estimated that on any given day there are about 1,300 Denial of Service attacks.

On the 27th of August at approximately 16:18 a DoS attack against Georgian websites was launched, with the Georgian Ministry of Foreign Affairs as the main target. The attack peaked at approximately 0.5 million network packets per second and 200-250 Mbit/s. So who was the enemy, and where did all this attack traffic originate? The startling fact is that the enemy lives among us. Multiple reports point to the U.S. as the largest single source of the malicious traffic: an estimated 17% to around 30% of the DoS traffic that targeted Estonia and the Republic of Georgia came from compromised computers within the borders of the United States. A separate study determined that 20.6 million attempted attacks originated from computers within the U.S., with computers within China's borders a distant second at 7.7 million. One caveat applies to all such figures: the source address of flood traffic identifies where the zombie sits, not where its controller is, and the owners of those machines were almost certainly unaware of the part they played.
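The sizing and source analysis behind figures like those above, as an added example that is not part of the original article: the script aggregates flow records into per-second packet and bit rates, flags the seconds that exceed a threshold, and breaks the flood down by source country and mean packet size. The flow records are constructed for the example, with numbers chosen to land near the 0.5 million packets per second, 200-250 Mbit/s and roughly 30% U.S. share quoted above; the Flow record layout and the thresholds are assumptions, not anything the article or the cited reports specify.

```python
"""Sizing a flood and locating its sources from flow records.

Added example, not code from the original article. The records below are
constructed to resemble a small, pre-aggregated NetFlow/IPFIX export (one
record per source country per second); a real export carries per-address
records and would be joined against a GeoIP database first.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Flow:
    ts: int            # start time of the record, whole seconds (constructed)
    src_country: str   # country of the source address, as GeoIP would return it
    packets: int
    bytes: int


# Constructed sample: three seconds of normal web traffic, then three seconds of flood.
SAMPLE_FLOWS: List[Flow] = [
    Flow(0, "US", 800, 640_000), Flow(0, "DE", 400, 320_000),
    Flow(1, "US", 900, 720_000), Flow(1, "GE", 300, 240_000),
    Flow(2, "US", 700, 560_000), Flow(2, "RU", 300, 240_000),
    Flow(3, "US", 150_000, 9_000_000), Flow(3, "RU", 120_000, 7_200_000),
    Flow(3, "CN", 100_000, 6_000_000), Flow(3, "BR", 130_000, 7_800_000),
    Flow(4, "US", 160_000, 9_600_000), Flow(4, "RU", 130_000, 7_800_000),
    Flow(4, "CN", 110_000, 6_600_000), Flow(4, "BR", 110_000, 6_600_000),
    Flow(5, "US", 140_000, 8_400_000), Flow(5, "RU", 110_000, 6_600_000),
    Flow(5, "CN", 120_000, 7_200_000), Flow(5, "BR", 120_000, 7_200_000),
]


def rates_per_second(flows: List[Flow]) -> Dict[int, Tuple[int, float]]:
    """Aggregate records into {second: (packets/s, megabits/s)}."""
    pkts: Dict[int, int] = defaultdict(int)
    byts: Dict[int, int] = defaultdict(int)
    for f in flows:
        pkts[f.ts] += f.packets
        byts[f.ts] += f.bytes
    return {s: (pkts[s], byts[s] * 8 / 1_000_000) for s in sorted(pkts)}


def flood_seconds(flows: List[Flow], pps_threshold: int = 100_000,
                  mbps_threshold: float = 100.0) -> List[int]:
    """Seconds in which either rate exceeds its threshold.

    The default thresholds are assumptions for this example; in practice they
    come from the link's capacity and a baseline of normal traffic.
    """
    return [s for s, (pps, mbps) in rates_per_second(flows).items()
            if pps > pps_threshold or mbps > mbps_threshold]


def peak_rates(flows: List[Flow]) -> Tuple[int, float]:
    """Highest packets/s and highest megabits/s seen in any one second."""
    rates = list(rates_per_second(flows).values())
    return max(p for p, _ in rates), max(m for _, m in rates)


def source_share(flows: List[Flow],
                 seconds: Optional[Set[int]] = None) -> Dict[str, float]:
    """Fraction of packets per source country, optionally limited to given seconds."""
    per_country: Dict[str, int] = defaultdict(int)
    total = 0
    for f in flows:
        if seconds is None or f.ts in seconds:
            per_country[f.src_country] += f.packets
            total += f.packets
    return {c: n / total for c, n in sorted(per_country.items())} if total else {}


def mean_packet_bytes(flows: List[Flow],
                      seconds: Optional[Set[int]] = None) -> float:
    """Average packet size; floods of tiny packets (SYN floods, UDP junk) stand out."""
    pkts = sum(f.packets for f in flows if seconds is None or f.ts in seconds)
    byts = sum(f.bytes for f in flows if seconds is None or f.ts in seconds)
    return byts / pkts if pkts else 0.0


if __name__ == "__main__":
    flood = set(flood_seconds(SAMPLE_FLOWS))
    pps, mbps = peak_rates(SAMPLE_FLOWS)
    print(f"flood seconds: {sorted(flood)}  peak: {pps:,} pps, {mbps:.1f} Mbit/s")
    print(f"mean packet size during flood: {mean_packet_bytes(SAMPLE_FLOWS, flood):.0f} bytes "
          f"(baseline {mean_packet_bytes(SAMPLE_FLOWS, {0, 1, 2}):.0f})")
    for country, share in source_share(SAMPLE_FLOWS, flood).items():
        print(f"  {country}: {share:.0%} of flood packets")
```

Two caveats a responder keeps in mind when reading such output: the source country tells you where the zombies sit, not who is operating them, and if the flood uses spoofed source addresses the per-country breakdown is meaningless and the real origins have to be traced hop by hop with upstream providers.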

The threat that botnets pose to businesses and national security has never been higher, yet the U.S. government and American businesses have yet to take the steps necessary to secure their networks and systems. Should the escalation in cyber attacks continue, targeted attacks against the private sector (commercial entities) will rapidly become more prevalent. Organizations therefore need to create a response plan now.

Any computer connected to the Net can be compromised and turned into a cyber weapon. Are your computers part of the problem? Could they be? Chances are they are. Could you be held liable? Chances are you could. Carol Baroudi, research director of security at the Aberdeen Group, has said she thinks regulations are coming.

"Ultimately I think there's going to be some liability there," she said, likening the situation to merchants being held culpable for data loss. "Why wouldn't the organization with infected machines be held accountable for DoS attacks?" This problem is growing and the impact of attacks is increasing. One report by the Congressional Research Service suggests that cyber attacks cost businesses some $226 billion annually.